Solutions: Patching

Michelle Drolet

The funkily-named bug of the week is GHOST. Its official moniker is the less catchy CVE-2015-0235, and it’s a vulnerability caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. A buffer overflow is where you assume, for example, that when you handle a four-byte network number written out as

Michelle Drolet

3 ways to make your Outlook.com account safer by John Hawes Following on from our detailed guide to securing your webmail, here’s a quick breakdown of how to make the most important fixes for users of Microsoft’s Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail). Controls affecting Outlook.com security are mainly found in

Michelle Drolet

By: Solange_Desc1 Security researchers have discovered a new software bug known as the “Bash Bug” or “Shellshock,” or to those more technically “in-the-know” as GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271)(link is external). This bug, more correctly termed, ‘vulnerability’, potentially allows attackers to gain control over targeted computers. The bug is present in a piece of computer

Michelle Drolet

by Paul Ducklin on September 3, 2014 Yesterday was Firefox’s most recent Fortytwosday(updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0. For those who like to keep their feature set behind the leading edge, yet stay on top of security fixes, there’s also ESR 24.8 and ESR 31.1. ESR is short for Extended Support Release;

Michelle Drolet

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may

Michelle Drolet

by Paul Ducklin on March 12, 2014 We already wrote about Microsoft’s March 2014 patches, noting that, as usually happens, there was an All-Points Bulletin for Internet Explorer coming up. Microsoft doesn’t call them APBs, of course – they are Cumulative Security Updates, with one bulletin covering all the numerous versions, bitnesses and CPU flavors of Redmond’s IE browser.

Michelle Drolet

Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security. We’ve covered it as plain old Zbot. We’ve covered the Citadel variant, which appeared when the original Zbot code was leaked online. We’ve even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different

Michelle Drolet

For today’s Patch Tuesday, Microsoft released seven bulletins (a surprise after only announcing five last week) and Adobe released one. There are four critical advisories, to me the most important of which is MS14-010 affecting Internet Explorer versions 6 through 10. This patch fixes 24 vulnerabilities, one of which has been publicly disclosed. Considering that

Michelle Drolet

Patch Tuesday January 2014 – Microsoft, Adobe and Oracle by Chester Wisniewski As expected Microsoft delivered four patches on patch Tuesday covering Windows XP, 2003, 7, 2008 R2, Word and Dynamics. All four patches are rated important, the first time in memory that none of the fixes were critical. The Word fix applies to all